Bug 1379803 - Please add support for verify-x509-name
Summary: Please add support for verify-x509-name
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: NetworkManager-openvpn
Version: epel7
Hardware: Unspecified
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Gwyn Ciesla
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-27 17:16 UTC by Oliver Ilian
Modified: 2016-12-31 10:48 UTC (History)
4 users (show)

Fixed In Version: NetworkManager-openvpn-1.2.6-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-31 10:48:00 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Oliver Ilian 2016-09-27 17:16:25 UTC
Description of problem:
NetworkManager-openvpn does not support the "verify-x509-name" option, which would replace the deprecated "tls-remote" option.

Please add support for verify-x509-name to allow a transition from tls-remote.

Thanks

Comment 1 Thomas Haller 2016-09-29 11:39:44 UTC
fixed upstream https://bugzilla.gnome.org/show_bug.cgi?id=770922

and also fixed in F25 by package >= NetworkManager-openvpn-1.2.6-0.1.fc25

Comment 2 Oliver Ilian 2016-09-29 13:33:37 UTC
Can we backport his to epel7

Comment 3 Thomas Haller 2016-10-24 12:49:35 UTC
(passing the question on, as I am not the epel7 maintainer)

Comment 4 Gwyn Ciesla 2016-10-24 15:30:47 UTC
If would require a backported patch, as 1.2.6 requires NetworkManager-glib >= 1.2.0, and EL7 uses 1.0.6.

Comment 5 Oliver Ilian 2016-10-24 15:58:36 UTC
@Jon, is this something we can easily do? I am about to open 2 more requests for the openvpn plugin.. maybe we can make it one bigger patch and backport that to EL7 . Would be surely great.

Comment 6 Thomas Haller 2016-10-24 16:01:58 UTC
rhel-7.3 will bring libnm >= 1.2.0 and a NetworkManager that is compatible with the latest version of nm-openvpn.

I think the latest release (1.2.6) would be fine, exactly what's in Fedora 25 (NetworkManager-openvpn-1.2.6-1.fc25).

Note that NetworkManager in Fedora 25 is quite similar to what will come in rhel-7.3.

(the same is true for most other NetworkManager VPN plugins).

Comment 7 Gwyn Ciesla 2016-11-07 14:34:26 UTC
(In reply to Oliver Haessler from comment #5)
> @Jon, is this something we can easily do? I am about to open 2 more requests
> for the openvpn plugin.. maybe we can make it one bigger patch and backport
> that to EL7 . Would be surely great.

I don't think so, which makes RHEL 7.3 especially welcome.

Comment 8 Oliver Ilian 2016-11-29 14:06:46 UTC
so will that mean that we have this option in RHEL 7.3?

Comment 9 Gwyn Ciesla 2016-11-29 14:09:43 UTC
It means that when the EPEL-7 ecosystem reaches 7.3, we can build it.

Comment 10 Michael S. 2016-12-14 11:10:41 UTC
Building a new version would also permit to fix a few others bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1288711  was fixed upstream

https://bugzilla.redhat.com/show_bug.cgi?id=1260168 same.

I suspect the others bugs opened would also be fixed.

Comment 11 Fedora Update System 2016-12-14 18:33:17 UTC
NetworkManager-openvpn-1.2.6-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1427c2b2fc

Comment 12 Fedora Update System 2016-12-16 04:20:02 UTC
NetworkManager-openvpn-1.2.6-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1427c2b2fc

Comment 13 Fedora Update System 2016-12-31 10:48:00 UTC
NetworkManager-openvpn-1.2.6-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.